Skip to main content
CVE-2021-23412 CRITICAL POC Act Now

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gitlogplus
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-25208 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25206 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Responsive Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25203 CRITICAL POC Act Now

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Victor Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25207 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Commerce Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-3169 CRITICAL Act Now

An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jumpserver
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-24036 CRITICAL PATCH Act Now

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution.07.22.00.80.5, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Folly Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy